For decades, firewalls have played an important role in protecting private networks from potentially harmful traffic from third-party networks and the public internet. Firewalls provide a line of defense by monitoring inbound and outbound traffic activity. The firewall can block traffic that does not adhere to policy or is otherwise known to be potentially damaging.
Today, there are five types of network firewalls, which differ in how they assess traffic and in how they affect network performance: packet filtering firewalls, circuit-level gateways, stateful inspection firewalls, application or proxy firewalls, and next-generation firewalls.
A packet filtering firewall reflects the original approach to providing a perimeter security system for deflecting malicious traffic at the router or switch. By inspecting incoming and outgoing data packets at the switch or router, the firewall can get basic data on destination and origin IP address, port number and packet type. If the packet does not meet security policy, the firewall won't forward it to its destination.
Because packet filtering firewalls don't have to open the packet, they can process traffic information quickly. However, these are fairly basic systems that are relatively easy to circumvent.
Circuit-level gateways track the TCP handshake to determine whether a session is valid. Traffic is allowed through or rejected based on session policies. These gateways don't reveal data about the network they are protecting, but they also don't inspect the packets themselves, so they may easily miss malicious traffic.
A stateful inspection firewall examines each packet in the context of the TCP session in which it is engaged, tracking activity from the start of the session to the end. This type of firewall accepts or rejects traffic on the basis of both security policy and data collected from prior activity that was part of the same connection. Stateful inspection firewalls provide more advanced controls than packet filtering firewalls, but they are slower to process packets, which puts a drag on network performance.
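The difference between packet filtering and stateful inspection can be seen by running the same policy both ways. The following is an added example, not code from the article or from any firewall product: the allow-outbound-HTTPS policy, the `10.0.0.` internal prefix, the simplified session states and the sample packets are all constructed for illustration.

```python
from dataclasses import dataclass

INSIDE = "10.0.0."  # constructed internal prefix (assumption)

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # TCP flags set on the segment

def stateless_allow(p):
    """Packet filter: decides from this packet's header fields alone."""
    outbound = p.src.startswith(INSIDE) and p.dport == 443
    # Replies must get back in, so the rule can only match on port and ACK flag.
    reply_like = p.dst.startswith(INSIDE) and p.sport == 443 and "ACK" in p.flags
    return outbound or reply_like

class StatefulFirewall:
    """Same policy, but inbound traffic must match a tracked session."""
    def __init__(self):
        self.sessions = {}  # (client, cport, server, sport) -> state

    def allow(self, p):
        if p.src.startswith(INSIDE):
            key = (p.src, p.sport, p.dst, p.dport)
            if p.flags == {"SYN"} and p.dport == 443:
                self.sessions[key] = "SYN_SENT"  # session starts here
                return True
            if key not in self.sessions:
                return False
            if p.flags & {"FIN", "RST"}:
                del self.sessions[key]  # simplified teardown
            return True
        key = (p.dst, p.dport, p.src, p.sport)
        state = self.sessions.get(key)
        if state == "SYN_SENT" and p.flags == {"SYN", "ACK"}:
            self.sessions[key] = "ESTABLISHED"
            return True
        return state == "ESTABLISHED"

def pkt(src, sport, dst, dport, *flags):
    return Packet(src, sport, dst, dport, frozenset(flags))

# Constructed sample traffic (documentation address ranges).
SYN = pkt("10.0.0.5", 50000, "203.0.113.10", 443, "SYN")
SYNACK = pkt("203.0.113.10", 443, "10.0.0.5", 50000, "SYN", "ACK")
STRAY = pkt("198.51.100.7", 443, "10.0.0.9", 40000, "ACK")  # no session exists
```

`stateless_allow(STRAY)` returns `True` because the header fields look like a reply, while `StatefulFirewall().allow(STRAY)` returns `False` because no internal host opened that connection. The session table is also the per-packet bookkeeping behind the performance cost the article mentions.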
An application or proxy firewall filters incoming traffic at the application layer. The proxy firewall makes a connection at the traffic's point of origination, inspecting the packet for malicious content or policy violations, including known viruses, flagged websites and exploits. While application firewalls can be particularly effective, they can also slow network performance.
Next-generation firewalls represent the most modern and broadest class of security gateways. These firewalls blend traditional packet filtering and stateful inspection capabilities with more sophisticated features, such as deep packet inspection and encrypted traffic inspection. Next-generation firewalls might also add other functionalities outside the bounds of traditional gateway systems, such as quality of service, bandwidth management and identity management.